AppSec & Supply Chain Security

Indirect prompt injection attacks target common LLM data sources

Indirect prompt injection attacks target common LLM data sources

| | AppSec & Supply Chain Security, Artificial Intelligence (AI)/Machine Learning (ML)
While the shortest distance between two points is a straight line, a straight-line attack on a large language model isn't always the most efficient — and least noisy — way to get ...
Blog (Main)
SaaS risk is on the rise: 7 action items for better management

SaaS risk is on the rise: 7 action items for better management

| | AppSec & Supply Chain Security, security operations
The rapid rise in the use of SaaS applications — often without the IT organization's knowledge or consent — has spawned a whole new set of challenges for security teams. These include ...
Blog (Main)
MIT researchers look to tame AI code with new controls

MIT researchers look to tame AI code with new controls

| | AppSec & Supply Chain Security
Despite the risks associated with artificial intelligence (AI) coding, developers remain enthusiastic, using it to keep up with the demand for delivery software at speed. A recent GitHub survey found that 92% ...
Blog (Main)
Mobile and third-party risk: How legacy testing leaves you exposed

Mobile and third-party risk: How legacy testing leaves you exposed

| | AppSec & Supply Chain Security
Risks to software supply chains from mobile applications are increasing, largely due to a lack of deeper visibility into their codebase, a new study has found.  ...
Blog (Main)
Secrets leaks increase — and expand beyond the codebase

Secrets leaks increase — and expand beyond the codebase

| | AppSec & Supply Chain Security
Organizations that assume secrets protection is solely about scanning public repositories and codebases for API keys, passwords, and tokens may be overlooking a major blind spot ...
Blog (Main)
Steve Springett -- Software and System Transparency

Rise of the xBOM: The new go-to tool for software security

| | AppSec & Supply Chain Security
The more cybersecurity leaders and software builders operationalize software bills of materials (SBOMs) to convey trust and transparency, the more they’re running into the traditional SBOM’s visibility limitations. As valuable as they ...
Blog (Main)
Verizon 2025 DBIR: Third-party software risk takes the spotlight

Verizon 2025 DBIR: Third-party software risk takes the spotlight

| | AppSec & Supply Chain Security, security operations
It’s that time of year again: Verizon Business has released the 2025 edition of the Data Breach Investigations Report (DBIR), its 18th-annual report on cybercrime. The DBIR is famous for how well ...
Blog (Main)
Changes to CVE program are a call to action on your AppSec strategy

Changes to CVE program are a call to action on your AppSec strategy

| | AppSec & Supply Chain Security
...
Blog (Main)
NIST's adversarial ML guidance: 6 action items for your security team

NIST’s adversarial ML guidance: 6 action items for your security team

| | AppSec & Supply Chain Security, Artificial Intelligence (AI)/Machine Learning (ML)
The National Institute of Standards and Technology’s latest guidance, on how to secure artificial intelligence (AI) applications against manipulation and attacks achieved with adversarial machine learning (ML), represents a major step toward ...
Blog (Main)
The cybersecurity job market is complicated: 3 key insights

The cybersecurity job market is complicated: 3 key insights

| | AppSec & Supply Chain Security, security operations
The state of the cybersecurity job market can seem like a perplexing paradox. On one hand, you’ve got frothy statistics from the likes of ISC2 stating that cybersecurity workforce shortages total 4.8 ...
Blog (Main)
Load more